Attackers can exploit these issues to steal cookie-based authentication credentials, to execute arbitrary local scripts in the context of the web server process, or to execute arbitrary code in the context of the affected application and to bypass certain security restrictions and perform unauthorized actions.